Abstract: An electronic device generates identifying values which are used in authenticating the electronic device. The device comprises an interface, a private key generator for generating a private key, a non-volatile memory for storing at least the private key, an index source, a hash engine, and a logical interconnection between the private key generator, the non-volatile memory, the index source, the hash engine and the interface. The hash engine generates identifying values provided to the interface via the logical interconnection. The identifying values are provided to a verifying device for use in authenticating the electronic device. Alternatively or in addition, devices may be paired to share a root key to cryptographically communicate between each other and/or to authenticate each other.

Abstract: A licensing platform is provided. The licensing platform, in communication with a first license sharing device and a second license sharing device, includes a license database and a main license sharing device. The license database provides a plurality of licenses. The main license sharing device includes: a license allocation manager, in communication with the license database, for dynamically managing a usage status of the plurality of licenses; a next-tier membership manager, in communication with the license sharing devices, for allocating at least one of the plurality of licenses to the license sharing devices, and updating a license usage status of the license sharing devices; and a license record manager, in communication with the license allocation manager and the next-tier membership manager, for recording the usage status of the plurality of licenses.

Abstract: Communicating data is disclosed. A time delay encoding a data to be communicated is selected. A sonic signal is combined with a version of the sonic signal that is delayed by the selected time delay. The data is communicated at least in part by transmitting the combined signal to a mobile device.

Abstract: Privileged access to managed content is disclosed. In some embodiments, a privileged portion of application code manages user access to managed content at a level of access greater than the user would otherwise be afforded. The privileged code moves a content management session up or down in levels of access as required to allow a user to perform through the application one or more specific actions it is desired to permit the user to do in a particular context (e.g., at a particular time in the lifecycle of an item of content and/or a particular point in a business process or work flow), including to permit the user to perform an action it is not desired to let the user perform in other contexts, such as write a particular value to a content item it is not desired to allow the user to write to otherwise.

Abstract: A novel privacy control-adjustable vehicle monitoring system and a related method of operation provide a dynamically-adjustable access grant or denial of privacy-sensitive vehicle information to a vehicle monitoring personnel based on a driver's response to an electronic request made by the vehicle monitoring personnel. In one embodiment, vehicle information is categorized into a mandatory disclosure dataset and a privacy-adjustable dataset, wherein the mandatory disclosure dataset is disclosed to the vehicle monitoring personnel at all times, while the privacy-adjustable dataset is accessible if the driver grants access via a driver's user interface on an onboard vehicle user interface, or on a mobile electronic device. Furthermore, a special wild card mode visible to the driver enables the vehicle monitoring personnel to access an entire set of vehicle information for a limited period per access and for a limited number of accesses per period, based on a pre-arranged consent with the driver.

Abstract: In an embodiment, a data processing method comprises receiving computer program data at a security unit having one or more processors; implementing one or more security-related modifications to the computer program data, resulting in creating modified computer program data; executing the modified computer program data in a monitored environment; analyzing output from the modified computer program data and identifying one or more variances from an expected output; performing a responsive action selected from one or more of: disabling one or more security protections that have been implemented in the modified computer program data; reducing or increasing the stringency of one or more security protections that have been implemented in the modified computer program data; updating the security unit based on the variances.

Abstract: A method of securely providing postal address data to a requesting client device includes storing, at a server, a plurality of number items each associated with at least one respective address item. Each number item is indicative of a mobile telephone number and each address item is indicative of postal address data. A requesting client device sends an address item request, to the server, and the address item request includes a target key indicative of a mobile telephone number. The address item request is received at the server. A respective address item associated with a number item indicative of the mobile telephone number indicated by the target key is identified at the server. A data package including at least a part of the postal address data indicated by the respective address item identified at the server is sent from the server to the requesting client device.

Abstract: A location-trace comparison system can perform privacy-preserving computations on locations traces for two or more users, for example, to determine a location-visit overlap for these users. During operation, the system obtains location-event descriptions for locations that a local user has visited and/or is likely to visit, such that a respective location-event description indicates a location identifier and a time-interval identifier. The system encrypts the location-event descriptions to generate a corresponding set of encrypted local-user events, and receives encrypted remote-user events from a remote device, for at least one remote user. The system compares the encrypted location events to determine an overlap between the set of encrypted local-user events and the set of encrypted remote-user events.

Abstract: An information recording system includes a recording medium capable of limiting a function by password and an information recording device for controlling the recording medium. The recording medium stores an input password, counts updating event(s) of a password, stores the update count of the password, outputs information stored in the password related information storage according to a READ request issued from the information recording device, compares a input password with a password stored in the password register, limits a predetermined function of the recording medium according to the comparison result from the password comparator. The information recording device stores a password and a password identification ID which is associated with the update count of the password, selects a password with reference to the update count of the password and the password identification ID and outputs the selected password into the recording medium to compare the passwords.

Abstract: A display device includes a display unit configured to display an image and to sense a touch input; a sensor unit configured to sense a fingerprint from the touch input; a storage unit configured to store data; and a processor configured to control the display unit, the sensor unit, and the storage unit, wherein the processor is further configured to: detect a selection input for selecting first information, the first information having a security on state or a security off state; obtain the fingerprint from the selection input, and convert the first information from the security on state into the security off state when the obtained fingerprint is matched with a pre-stored fingerprint; and when a predetermined was detected before the first information is converted into the security off state, maintain the first information to the security on state by not obtaining the fingerprint from the selection input.

Abstract: A system and methods of detecting an occurrence of a violation of an email security policy of a computer system. A model relating to the transmission of prior emails through the computer system is defined which is derived from statistics relating to the prior emails. For selected emails to be analyzed, statistics concerning the selected email are gathered. Such statistics may refer to the behavior or other features of the selected emails, attachments to emails, or email accounts. The determination of whether a violation of an email security policy has occurred is performed by applying the model of prior email transmission to the statistics relating to the selected email. The model may be statistical or probabilistic. A model of prior email transmission may include grouping email recipients into cliques. A determination of a violation of a security policy may occur if email recipients for a particular email are in more than one clique.

Abstract: A method and system for secure and scalable key management for cryptographic processing of data is described herein. In the method, a General Purpose Cryptographic Engine (GPE) receives key material via a secure channel from a key server and stores the received Key encryption keys (KEKs) and/or plain text keys in a secure key cache. When a request is received from a host to cryptographically process a block of data, the requesting entity is authenticated using an authentication tag included in the request. The GPE retrieves a plaintext key or generate a plaintext using a KEK if the authentication is successful, cryptographically processes the data using the plaintext key and transmits the processed data. The system includes a key server that securely provides encrypted keys and/or key handles to a host and key encryption keys and/or plaintext keys to the GPE.

Abstract: A digital signature method, a method for initializing a digital signature scheme, a system for digitally signing a message and a computer program product are described. At least the digital signature method involves a signer having a weak security parameter. The signer retrieves a cryptographic element from each of a plurality of computing entities. Each cryptographic element is a function of a commitment supplied by the signer and the commitment includes a cryptographic function of a weak security parameter provided by the signer. A strong cryptographic security parameter is generated using a plurality of said elements. A message is then signed according to the digital signature scheme using the strong cryptographic security parameter to generate a digital signature.

Abstract: A method includes receiving authentication information for a client device at a server. The authentication information includes a network address of the client device, a geographic location of the client device, and a first result of a one-way hash function based on a combination of the network address, an authentication seed, and a first secret. The method includes computing, with the server, a second result of the one-way hash function based on a combination of the network address, the authentication seed, and a second secret. The method also includes enabling the client device to access a second network in response to a determination by the server that the first result matches the second result and a determination by the server that the client device is authorized to access the second network based on the geographic location.

Abstract: Systems and methods for handling electronic messages. An electronic message that is associated with a digital certificate is to be processed. A decision whether to check the validity of the digital certificate is based upon digital certificate checking criterion. An IT administrator may provide to one or more devices configuration data that establishes the digital certificate checking criterion.

Abstract: A system is described that contains a device including a memory with a management application installed thereon. The management application contains a manager that generates a plurality of user accounts and associates at least one communication service as a messaging account with each user account, and an interface module that generates a user interface that presents the plurality of user accounts and that modifies the user interface based on the identification of the selected user account to present a selected account display.

Abstract: An information processing system, an information processing method for use with the system, an information providing system, and information providing method for use with the system, an information processing apparatus, an information processing method for use with the apparatus, a doll, an object, a program storage medium, and a program for authenticating users reliably are provided. A user acquires beforehand a doll called Pochara the Good Friend incorporating an IC chip that stores a user ID for authenticating the user. When the user mounts the doll on a platform connected to a personal computer, the user ID is read from the IC chip by a reader housed in the platform and transmitted over the Internet to a Pochara service server. The server has a Pochara database holding personal information about users of the service. The transmitted user ID is checked against the personal information in the database for authentication. This invention applies advantageously to servers offering services through networks.

Abstract: An appliance and method for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute includes the step of establishing, by an appliance, a control connection with a client upon receiving a client request to establish a virtual private network connection with a network. The appliance transmits, via the control connection, a request to the client to evaluate at least one clause of a security string, the at least one clause including an expression associated with a client-side attribute. The client transmits, via the control connection, a response to the appliance comprising a result of evaluating the at least one clause by the client. The appliance assigns the client to an authorization group based on the result of evaluation of the at least one clause.

Abstract: A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, while every endeavor is made to obscure the HIPs from such automated processes, the presentation of current HIPs leaves systems very much open to malicious attack from automated computer scripts and processes such as optical character readers (OCR). Those HIPs that have proven more successful in foiling malicious attacks have proved difficult for humans to decipher.

Abstract: Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By associating the existing certificate store structure and key store structure with a mode of operation, certificates and keys can be assigned to one space among plural spaces. Furthermore, management (viewing/importation/deletion) of certificates associated with specific modes of operation may be controlled based on the presence or absence of a mobile device administration server and the status (enabled/disabled) of an IT policy.